The applications distributed by such top banks and financial institutions as Wells Fargo and Bank of America placed various types of information at varying degrees of risk. But at least one Android application, distributed by Wells Fargo, stored an account holder’s user name and password on the phone in cleartext. The application also stored account balances on the phone, according to a security researcher who spoke with the Wall Street Journal.

The applications store the information in the phone’s memory, allowing an attacker to easily glean it from the phone by tricking the user into visiting a malicious website. An example would be sending the user a phishing e-mail containing a link to the malicious site.

An estimated 40 million consumers, including young people and people who prefer to pay in cash, have too little credit experience to generate a useful credit score. But they are likely to pay rent or utility bills, which could help credit bureaus better assess their credit-worthiness.

Experian, one of the three major credit bureaus, bought RentBureau—which collects rental-payment data from large property managers—and expects to integrate that information into credit records before the end of the year.

Credit bureaus say they also would like to offer data on cellphone payments, but have run into concerns over privacy issues, which may require legislation to untangle.

And from this second article, there is a classaction lawsuit against news outlets that received personal information from cellphone users, via the advertising company, Ringleader. If the cellphone user tried to delete the code that collected personal information, the database regenerated itself.

Meanwhile, the iPhone apps from USAA, Bank of America, Wells Fargo, and Vanguard and PayPal's Android app all passed the security tests and were found to be handling data securely.

I know on my own device that the iPhone stores the username in cleartext on the Chase banking app, but that's no big deal to me because I use a strong password. What I'd like to see is a biometric implementation, especially given the utility of touchscreen devices. I had such a product on my old Treo 650 that opened apps based upon your voice pattern. Surely something could be constructed for the iPhone and/or the Android.

The way things are trending, I get the feeling that Apple and Google - as the gatekeepers of their respective mobile OS realms and the arbiters of constitutes secure within them - are going to end up in front of some appropriate committee once the potential problems outlined in stories like these pass a certain threshold.